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.SPECIFICATION obtain the revocation list (CRL (underscore ) DEV) from the 
registration authority (RA(PAR)). If the device is revoked, the 
partition creation processing cannot be permitted , and the process is 
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terminated as an error. 

If the device is not revoked, in, . .obtain the revocation list 
(CRL (underscore) PAR) from the registration authority (RA{PAR)). If the 
device is revoked, the partition creating processing or deletion 
processing cannot be peanaitted , and the process is terminated as an 
error . 

If the device is not revoked, in... obtain the revocation list 
(IRL (underscore) PAR) from the registration authority (RA(PAR) ) . If the 
device is revoked, the partition creation processing or deletion 
processing cannot be permitted , and the process is terminated as an 
error . 

If the device is not revoked, in. . . 
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...SPECIFICATION method, data recording method, and list updating method, 
according to the present invention, an updating revocation list 
received from a communication path for example, is compared with the 
version information of the current revocation list , in the updating 
processing of the revocation list as well, and updating of the 
revocation list is permitted only in the event that judgment is made 
that the updating list is a newer. . . 
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. . . G06F-001/00 

...SPECIFICATION When the received type of data is vehicle data (step 
S207), the ASP server 4 determines using an access right table 
whether or not an access to the vehicle data is permitted (step S208) . 
As shown in Fig. 20, the storage device 4a has previously stores the 
access right table for indicating whether an access is permitted / 
denied for each type of data to devices and servers. In Fig. 20, the. 
mark indicates access permitted data, while the mark indicates access 
denied data. Therefore, as can be seen from the access right table, 
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since only the music delivery center device 9 is denied an access to 
the vehicle data, the ASP server 4 notifies a grant of access... 

,.S209). On the other hand, if the data read request has been made by 
another device including the music delivery center device 9 or a 
server, the ASP server 4 notifies a denied access to the data (step 
3210) . 

When the received type of data is driver data (step S211), the ASP 
server 4 determines using the access right table whether or not an 
access to the driver data is permitted (step S212) . As can be seen from 
the access right table shown in Fig. 20, since the ASP server 4 permits 

an access to the driver data from the devices 5, 6, 9, 10 and the 
servers 7, 8, the ASP server 4 notifies a... 

..data read request has been made by a device or a server other than the 
devices 5, 6, 9, 10 and the servers 7, 8, the ASP server 4 notifies a 
denied access to the driver data (step S210) . 

When the received type of data is music data (step S214), the ASP 
server 4 determines using the access right table whether or not an 
access to the music data is permitted (step S215) . As can be seen from 
the access right table shown in Fig. 20, since the ASP server 4 permits 
an access to the music data from the device 9 and the servers 7, 8, the 
ASP server 4 notifies a grant of access... 

..the data read request has been made by a device or a server including 
the devices 5, 6, 10 other than the device 9 and the servers 7, 8, 
the ASP server 4 notifies a denied access to the driver data (step 
S210). 

When the received type of data is map data (step S217), the ASP server 
4 determines using the access right, table whether or not an access 
to the map data is permitted (step S218) . As can be seen from the 
access right table shown in Fig. 20, since the ASP server 4 permits an 
access to the map data from the devices 6, 9, 10 and the server 7, the 
ASP server 4 notifies a grant of. . . 

. .device' or a server including the device 5 and the server 8 other than 
the devices , 6, 9, 10 and the server 7, the ASP server 4 notifies a 
denied access to the map data (step S210) . 

As illustrated in Fig. 22, when the received type of data is traveling 
data (step S220), the ASP server 4 determines using the access right 
table whether or not an access to the traveling data is permitted 
(step S221) . As can be seen from the access right table shown in Fig. 20, 
since the ASP server 4 permits an access to the traveling data from the 
devices 5, 6, 10 and the server 7, the ASP server 4 notifies a grant of 



.device or a server including the device 9 and the server 8 other than 
the devices , 5, 6, 10 and the server 7, the ASP server 4 notifies a 
denied access to the traveling data (step S210) . 

When the received type of data is address book data (step S223), the 
ASP server 4 determines using the access right table whether or not 
an access to the address book data is permitted (step S224). As can be 
seen from the access right table shown in Fig. 20... 

.the data read request has been made by a device or a server including 
the devices 5, 6, 9, 10 other than the serves 7, 8, the ASP server 4 
notifies a denied access to the address book data (step S210) . 

When the received type of data is emergency data (step S226) , the ASP 
server 4 determines using the access right table whether or not an 
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access to the emergency data is permitted (step S227). As can be seen 
from the access right table shown in Fig. 20, since the ASP server 4 
permits an access to the emergency data from the server 7 and the 
device 10, the ASP server 4 notifies a grant of access to the address 
book data . . . 

...has been made by a device or a server including the server 8 and the 
devices 5, 6, 9 other than the serve? and the devices 10, the ASP 
server 4 notifies a denied access to the emergency data (step S210) . 

When the ASP server 4 permits an access to data, the ASP server 4 
accepts the access to the permitted type... 

10/3, K/4 (Item 4 from file: 348) 

DIALOG (R) File 348: EUROPEAN PATENTS 

(c) 2003 European Patent Office. All rts. reserv. 

01408857 

Mobile communication device and method 
Mobiles Kommunikationsgerat und Verfahren 
Dispositif de communication mobile et precede 

PATENT ASSIGNEE: 

Pioneer Corporation, (2812420), 4-1 Meguro 1-chome, Meguro-ku, Tokyo, 
( JP) , (Applicant designated States; all) 
INVENTOR: 

Yasushi, Mitsuo, c/o Pioneer Corporation, Corp. Research & Development 
Lab., 6-1-1, Fujimi, Tsurugashima-shi , Saitama 350-2288, (JP) 

Yanagidaira, Masatoshi, c/o Pioneer Corporation, Corp. Research & 

Development Lab., 6-1-1, Fujimi, Tsurugashima-shi, Saitama 350-2288, 
(JP) . 

LEGAL REPRESENTATIVE: 

Betten & Resch (101033), Patentanwalte, Theatinerstrasse 8, 80333 Munchen 
, (DE) 

PATENT (CC, No, Kind, Date) : EP 1191806 A2 020327 (Basic) 
APPLICATION (CC, No, Date) : EP 2001122945 010925; 
PRIORITY (CC, No, Date) : JP 2000291127 000925 

DESIGNATED STATES: AT; BE; CH; CY; DE; DK; ES; FI; FR; GB; GR; IE; IT; LI; 

LU; MC; NL; PT; SE; TR 
EXTENDED DESIGNATED STATES: AL; LT; LV; MK; RO; SI 
INTERNATIONAL PATENT CLASS: H04Q-007./38 ; H04L-012/56 
ABSTRACT WORD COUNT: 4 9 
NOTE: 

Figure number on first page: 1 

LANGUAGE ( Publication, Procedural , Application) : English; English; English 
FULLTEXT AVAILABILITY: 

Available Text Language Update Word Count 

CLAIMS A (English) 200213 639 

SPEC A (English) 200213 10217 

Total word count - document A 10856 
Total word count - document B 0 

Total word count - documents A + B 10856 

...INTERNATIONAL PATENT CLASS: H04L-012/56 

...SPECIFICATION When the received type of data is vehicle data (step 
S207), the ASP server 4 determines using an access right table 
whether or not an access to the vehicle data is permitted (step S208) . 
As shown in Fig. 20, the storage device 4a has previously stores the 
access right table for indicating whether an access is permitted / 
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denied for each type of data to devices and servers. In Fig. 20, the 
mark indicates access permitted data, while the mark indicates access 
denied data. Therefore, as can be seen from the access right table, 
since only the music delivery center device 9 is denied an access to 
the vehicle data, the ASP server 4 notifies a grant of access... 

..S209). On the other hand, if the data read request has been made by 
another device including the music delivery center device 9 or a 
server, the ASP server 4 notifies a denied access to the data (step 
S210) . 

When the received type of data is driver data (step S211), the ASP 
server 4 determines using the access right table whether or not an 
access to the driver data is permitted (step S212) . As can be seen from 
the access right table shown in Fig. 20, since the ASP server 4 permits 
an access to the driver data from the devices 5, 6, 9, 10 and the 
servers 7, 8, the ASP server 4 notifies a... data read request has been 
tmade by a device or a server other than the devices 5, 6, 9, 10 and the 
servers 1, 8, the ASP server 4 notifies a denied access to the driver 
data (step S210) . 

When the received type of data is music data (step S214), the ASP 
server 4 determines using the access right table whether or not an 
access to the music data is permitted (step S215) , As can be seen from 
the access right table shown in Fig. 20, since the ASP server 4 permits 
an access to the music data from the device 9 and the servers 7, 8, the 
ASP server 4 notifies a grant of access... 

..the data read request has been made by a device or a server including 
the devices 5, 6, 10 other than the device 9 and the servers 7, 8, 
the ASP server 4 notifies a denied access to the driver data (step 
S210). 

When the received type of data is map data (step S217), the ASP server 
4 determines using the access right table whether or not an access 
to the map data is permitted (step S218) . As can be seen from the 
access right table shown in Fig. 20, since the ASP server 4 permits an 
access to the map data from the devices 6, 9, 10 and the server 7, the 
ASP server 4 notifies a grant of . . . 

. .device or a server including the device 5 and the server 8 other than 
the devices , 6, 9, 10 and the server 7, the ASP server 4 notifies a 
denied access to the map data (step S210) . 

As illustrated in Fig. 22, when the received type of data is traveling 
data (step S220) , the ASP server 4 determines using the access right 
table whether or not an access to the traveling data is permitted 
(step S221) . As can be seen from the access right table shown in Fig. 20, 
since the ASP server 4 permits an access to the traveling data from the 
devices 5, 6, 10 and the server 7, the ASP server 4 notifies a grant of 



..device or a server including the device 9 and the server 8 other than 
the devices , 5, 6, 10 and the server 7, the ASP server 4 notifies a 
denied access to the traveling data (step S210) . 

When the received type of data is address book data (step S223), the 
ASP server 4 determines using the access right table whether or not 
an access to the address book data is permitted (step S224). As can be 
seen from the access right table shown in Fig. 20... 

..the data read request has been made by a device or a server including 
the devices 5, 6, 9, 10 other than the serves 7, 8, the ASP server 4 
notifies a denied access to the address book data (step S210) . 
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When the received type of data is emergency data (step S226), the ASP 
server 4 determines using the access right table whether or not an 
access to the emergency data is permitted (step S227) . As can be seen 
from the access right table shown in Fig. 20, since the ASP server 4 
permits an access to the emergency data from the server 7 and the 
device 10, the ASP server 4 notifies a grant of access to the address 
book data . . . 

.has been made by a device or a server including the server 8 and the 
devices 5, 6, 9 other than the serve? and the devices 10, the ASP 
server 4 notifies a denied access to the emergency data (step S210) . 

When the ASP server 4 permits an access to data, the ASP server 4 
accepts the access to the permitted type. . . 
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. . . G06F-017/30 

...SPECIFICATION When the received type of data is vehicle data (step 
S207), the ASP server 4 determines using an access right table 
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whether or not an access to the vehicle data is permitted (step S208) . 
As shown in Fig. 20, the storage device 4a has previously stores the 
access right table for indicating whether an access is permitted / 
denied for each type of data to devices and servers. In Fig. 20, the 
mark indicates access permitted data, while the mark indicates access 
denied data. Therefore, as can be seen from the access right table, 
since only the music delivery center device 9 is denied an access to 
the vehicle data, the ASP server 4 notifies a grant of access... 

...S209). On the other hand, if the data read request has been made by 
another device including the music delivery center device 9 or a 
server, the ASP server 4 notifies a denied access to the data (step 
S210) . 

When the received type of data is driver data (step S211) , the ASP 
server 4 determines using the access right table whether or not an 
access to the driver data is permitted (step S212). As can be seen from 
the access right table shown in Fig. 20, since the ASP server 4 permits 
an access to the driver data from the devices 5, 6, 9, 10 and the 
servers 7, 8, the ASP server 4 notifies a. . . 

. . .data read request has been made by a device or a server other than the 
devices 5, 6, 9, 10 and the servers 7, 8, the ASP server 4 notifies a 
denied access to the driver data (step S210) . 

When the received type of data is music data (step S214), the ASP 
server 4 determines using the access right table whether or not an 
access to the music data is permitted (step S215) . As can be seen from 
the access right table shown in Fig. 20, since the ASP server 4 permits 
an access to the music data from the device 9 and the servers 7, 8, the 
ASP server 4 notifies a grant of access... 

...the data read request has been made by a device or a server including 
the devices 5, 6, 10 other than the device 9 and the servers 7, 8, 
the ASP server 4 notifies a denied access to the driver data (step 
S210) . 

When the received type of data is map data (step S217), the ASP server 
4 determines using the access right table whether or not an access 
to the map data is permitted (step S218) . As can be seen from the 
access right table shown in Fig. 20, since the ASP server 4 permits an 
access to the map data from the devices 6, 9, 10 and the server 7, the 
ASP server 4 notifies a grant of. . . 

...device or a server including the device 5 and the server 8 other than 
the devices , 6, 9, 10 and the server 7, the ASP server 4 notifies a 
denied access to the map data (step S210) . 

As illustrated in Fig. 22, when the received type of data is traveling 
data (step S220), the ASP server 4 determines using the access right 
table whether or not an access to the traveling data is permitted 
(step S221) . As can be seen from the access right table shown in Fig. 20, 
since the ASP server 4 permits an access to the traveling data from the 
devices 5, 6, 10 and the server 7, the ASP server 4 notifies a grant of 



.device or a server including the device 9 and the server 8 other than 
the devices , 5, 6, 10 and the server 7, the ASP server 4 notifies a 
denied access to the traveling data (step S210) . 

When the received type of data is address book data (step S223) , the 
ASP server 4 determines using the access right table whether or not 
an access to the address book data is permitted (step S224) . As can be 
seen from the access right table shown in Fig. 20... 
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.the data read request has been made by a device or a server including 
the devices 5, 6, 9; 10 other than the serves 1, 8, the ASP server 4 
notifies a denied access to the address book data (step S210) . 

When the received type of data is emergency data (step S226) , the ASP 
server 4 determines using the access . right table whether or not an^ 
access to the emergency data is permitted (step S227) . As can be seen 
from the access right table shown in Fig. 20, since the ASP server 4 
permits an access to the emergency data from the server 7 and the 
device 10, the ASP server 4 notifies a grant of access to the ...has 
been made by a device or a server including the server 8 and the devices 

5, 6, 9 other than the serve? and the devices 10, the ASP server 4 
notifies a denied access to the emergency data (step S210) . 

When the ASP server 4 permits an access to data, the ASP server 4 
accepts the access to the permitted type... 
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stop clock command is issued to the stop clock circuitry within stop 
clock control 32. Note that if the stop clock circuitry has not been 
previously armed, or has been disarmed by. . . 
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English Abstract 

A system for allowing a potential buyer of second-hand of a CE device 
(60) to look up an identifier of the device (60) in a revocation list 
(55)/ in order to determine if the CE device (60... 

Detailed Description 

... and second identifiers corresponding to each CE device 60. 
Accordingly, the revocation status of CE device 60 can be determined 
by comparing either identifier to the revocation list 55. 

Fig. 4 is a block diagram of a piece of a CE device 60 according to an 
exemplary embodiment of . . . 
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Claim 

secure communication channel if the signatures are invalid. 
139. An engine configured to revoke a host , the engine comprising: 
a block configured to receive a certificate from a host , the 
certificate including a plurality of fields including a field holding a 
protocol public key. . . 

...verifying including: verifying the certifying authority signature using 
the protocol public key; 
and 

verifying a host signature using a host public key on the 
certificate; and a block configured to receive validation data from a 
source, the validation data . . .data on the certificate as valid or 
invalid according to a 
revocation list; and 

a block configured to preventing the transmission of a session key to 
the host to establish a secure communication channel if the signatures 
are invalid. - 123 
and 

0 verifying a host signature using a host public key on the 
certificate; and a block configured to receive validation data from a 
source, the validation data identifying one or more data on the 
certificate as valid or invalid according to 
a revocation list; and 

a block configured to preventing the transmission of a session key to 
the host to 5 establish a secure communication channel if the 
signatures are invalid. 

141. Amethodof securingcontentstoredonmedia, themethodcomprising . . .open API 
allows access to file system data on the media; and 

the secure API allows access to secure data on the media according to 
one or more identifiers on the media. 166. The apparatus of claim 165 
wherein the secure API includes a first secure AN and one or. . . 

...secure API controlling access to the content with the additive layers of 
security. 167. The apparatus of claim 164 wherein the firraware manages 
content access via at least one application programming interface (API) , 
the API preventing block level access to the media by a host . 168. 
The apparatus of claim 167 wherein the AN prevents block level access 
to the content via a host . - 127 authenticated channel. 170. The 
apparatus of claim 158 wherein the media is portable media, including an 
optical disk and the... 
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English Abstract 

Disclosed herein is a method and apparatus for controlling access from 
the outside through the Internet. The present invention uses a storage 
unit for storing an access- allowable address list communicating with a 
network interface card, extracts an address from packets 
transmitted/received through the network interface card, an compares 
the extracted address with addresses on the access - allowable address 
list , and determines access allowance or access prohibition 
according to the compared result. The network interface card of the 
present invention communicates with a storage device for storing a 
secure access - allowable list on the Internet. Further, an address 
determining unit of the network interface card extracts an address from 
packets received from the outside and allows only accesses by secure 
computers, so as to control international accesses. Further, the present 
invention. . . 

Detailed Description 
interface card, , 
extracts an address from packets transmitted/received through 
the network interface card, and compares the extracted 
address with addresses on the access - allowable address list , 
and determines access allowance or access prohibition 
according to the compared result. Accesses from a user host 
(60) to the outside are freely carried out, and any arbitrary 
access request from the... 
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Claim 

... comprising the steps of. 

storing a block time for the attacking source IP address, the block 
time 

indicating a time period during which said preventing step is performed; 

determining whether the block time has expired; and 
removing the attacking source IP address from the access control list 
of the host router in response to a determination that the block 
time has expired. 

41 A computer-readable medium having computer-executable instructions 
for performing the. . . 
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Detailed Description 

rules to determine whether the packet has access to the particular 
destination. In addition, these devices may provide functions such as 
user authentication. 

Also, application proxies, e.g., socks and caching web proxies,, allow 
specific applications to be executed for network security affa h. nght 
d-jgd-Ae-f f i . . . 
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... rights list that has been set up by the application's administrator. 
If the rights match , the user is allowed to install the application. 
Content can be given access control lists as well, enabling a single 
application to serve different levels of content to users with... 
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... authorization functions, based on secured SSL RSA sockets, X.509 
digital 3 0 certificates and access control lists (ACLs) . Together, 
all of these security functions allow the system to determine the 
user of the provided services. Access to some application server 132 or 
134 services . . . 
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... be utilized in a given transmission. Moreover, the above-described 
capability of accessing a path determination table ( determination 
access algorithm) , allows, a user to physically move and redistribute 
modules within a cell area such that upon. . . 
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Detailed Description 
controlle? or 

25 ' DAC ' is a physical device which can be applied as a conjunctive 

device or as an integrated part of any kind of information storage unit 
in 

an electronic system. Applied as such, DACs allow secure sharing of 
common storage by transforming logically partitioned systems into 
physically partitioned systems with... 
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... device driver 250. 

The name server or a separate binding object manager (BOM) process may 
allow processes and- configurable objects to pass additional information 
adding further flexibility to inter-process cominunications . . . 
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... to the compliant modules 130. At ieach level of the hierarchy, the 
communicated certificates are compared • to the entries in the 
corresponding revocation list at that level . 

FIG. 2 illustrates an example block diagram of an access control device 
200, as may be used, for example, at the... 
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Detailed Description 

... revocation list is received at the module, 420. The method includes 
determining whether the host device is associated with the module is on 
the list, 430. If so, the method causes the conditional access module to 
deny the content controlled to the host device , 440. The conditional 
access module may also not descramble the copy controlled content. 

While the. . . 
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Claim 

content to a host 
device comprising : 

receiving (41 0) copy controlled content; 
receiving {'420) a revocation list ; 

determining (430) whether a host device associated with an access 
module is on the revocation list ; 

if the host device is on the revocation list, causing (440) the 
associated 

access module to deny the copy controlled content to the host device 

2 The method of claim 1, wherein the revocation list is received in band 
along ... 

. . .host 

device comprising: 

means (220) for receiving copy controlled contents- 
means (220) for receiving a revocation list ; 

means for determining (240) whether a host device associated with 
an 

access module is on the revocation list ; 

means (240) for causing the access module to deny the copy controlled 
content to the host device if the host device is on the 
revocation list. 

17 The apparatus of claim 16, wherein the revocation list... 

. . .host 

device comprising: 

an access module (240) configured to receive copy controlled content 
and a revocation list ; 

a determiner (24 0) configured to determine whether a host device 

associated with the access module is on the revocation list ; 

a revoker (240) configured to deny the copy controlled content to the 

host device if the host device is on the revocation list. 

15 

. The apparatus of claim 21, wherein the revocation list is received in 
band with the copy controlled, . . 

...the revocation list having a range of host identifiers that bounds the 
identifier of the host associated with the access unit. 
27 The apparatus of claim 21, wherein the access device is further 
configured to allow access to the copy controlled content if the host 
is not on the revocation list... copy controlled content to a host 
device comprising receiving copy controlled contents- 
receiving (420) a revocation list ; 

determining (430) whether a host device associated with an access 
module is on the revocation list ; 

if the host device is on the revocation list, causing (440) the 
associated access module to deny the copy controlled content to the 
host device . 

34 The computer readable medium of claim 33, wherein the revocation list 
is received in... 
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... because several users want to use the software at the same time. To 
assure wide access , 
182 

end users frequently must obtain unneeded CPU-locked software to assure 
availability and convenience... 
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using wireless technology, Internet enabled PDAs or Internet enabled 
PCs. The centralised storage of lists allows these users to access 
their lists whenever and wherever they wish. 

The illustrations which follow compare the List Management engine 
displays seen by web users with those seen by users of... 
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Claim 

not found to be present or the 
particular processor being identified as absent. 

14 The apparatus of Claim 6, wherein the local block 
unit receives a vector address from the memory directory 
interface unit, the local block unit operable to access a 
vector table in response to the vector address, the vector 
table identifying processors determined by the memory 
directory interface unit to be affected by the invalidation 
request . 

15 The. . . 
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all published revoked identifiers 201, the likelihood of a particular 
revoked identifier in the master revocation list 250 being 
communicated to an access control device I 00 is substantially less 
determinable than prior methods of communicating the most 5 recently 
revoked identifiers. This aspect of the invention also allows the 
benefits gained by random selection to be realized by some conventional 
access control devices , albeit to a lesser degree. That is, for 
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... may constrain 1 5 access to resources. In an exemplary embodiment of 
the present invention, 
permissioning is achieved by having each agent carry with it an access 

control list which is a permission list determining which services 
it may 

access, and other security information. Current systems do not provide 

agents... 0 may use on that device. Agent 110 may 

only execute on the devices listed in access control list 24 0. 

Alternate 

embodiments may provide other methods and structures for recording 
permissioning of agents. Alternate embodiments may provide a different 
1 5 structure for agents. 

In an. .. requests a service by calling a service method, the proactive 
environment 
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accesses the agent's access control list to determine if the agent 
has 

permission to run that service on the device . 

Services may provide circumscribed, altered or limited access to 
resources, separate from tailoring resulting from permissioning . For 
29 

example, agents may be permitted to access files, but not files devoted 
proactive. . . 
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Claim 

the software instance is to be 
used; 

distributing the instance of software to a user device ; 
determining if the attempt to use the instance of the software is 

allowable by performing the test and allowing use if the incorporated 
identifier equals the device identifier then the software instance can 
be used, 

otherwise perfon-ning punitive action 

10... UNDS OF CALL 

INSTAN OLICY? 

YES NO 

GC-D&BLED V 

CONTINUE 27 9 
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PERFORM USER DEVICE 
PUNITIVE ACTION 
IF 1 

275 276 Or I 1014AL. 
ALLOW DENY + 

ACCESS ACCESS 273 

PERFORM 

CALL-UP 

PROCESSING 

277 

UPDATE TAG 
TABLE 

USAGE SUPERVISION PROCESSING 
FlGm. . . 

. . .T ACCESSED THE SHARED 

OFTWARE DATA SSD AT THE TIME X? , 
NO 

V 

703 704 

ALLOW ACCESS TO PERFORM USER DEVICE 
SHARED SOFTWARE PUNITIVE ACTION 
DATA SDD 
I FlGm 15 

SUBSTM SHET (RULE26) 
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Detailed Description 

experiment with the placement of 
security safeguards representing such entities as firewalls, 
intrusion detectors, and access lists , These can be positioned 
at various locations in order to determine network security. 

The tool allows various types of node groupings in 

order to help visualize the vulnerability paths - In Figure... 
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Claim 

... a relative LIRL) 
I 

End inner loop (for 2*n sele cted paths of this host pair) 
1010 Determine what percentage of the 2*n paths for this host 
pair "match". If above a threshold, allow the host pair to 
remain (if no, eliminate host pair from ranking) 
I 

End outer loop (for each host pair) 
Fig 1 0(a) 
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Claim 

it a relative URL) 

I 

End inner loop (for 2*n selected paths of this host pair) 
1010 Determine what percentage of the 2*n paths for this host 
pair "match". If above a threshold, allow the host pair to 
remain (if no, eliminate host pair from ranking) 
I 

End outer loop (for each host pair 
Fig 1 0(a) 

Page level connectivity 
SUBST=E SHEET (RULE 26) 
www. abc ... ■ 
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Detailed Description 
manually. 

Known systems for controlling the types of information accessible on a 
network rely on comparing a requested destination with those on pre- 
determined Access Control Lists (ACL) or on word matching to 
determine whether to allow or deny access . This approach can be 
applied atthe client node priorto requesting the information or on any 
suitably intelligent network device capable of intercepting the request 
or subsequent reply prior to it reaching the requester. For... 
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. . . the controller receives a request from a host for a logical unit, it 
checks the access table to determine if the host is allowed 
access. If the host is not allowed access, the controller reports 
back to the host that the logical unit is not connected. If the host 
is allowed access, the request is processed. 

3 

The user can access the RAID controller for configuration. . . 
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... in the remote 

device to be accessed; 

determining an index to the start of a block of rows from 
which data within the table is required; 

determining the number of rows to be accessed; 
composing a Protocol Data Unit designated as a table block 

access request and .including information representative of on or 
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more of said determining steps; 

outputting the Protocol Data Unit to the remote device; and 
obtaining said data from. . . 

Claim 

the number of rows to be accessed; 
composing a Protocol Data Unit designated as a table 

block access request and including information 
representative of said determining ; 
outputting the Protocol Data Unit to the remote 

device ; and 

obtaining said data from a response Protocol Data Unit 
received from the remote device... 
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... as claimed in claim 6, wherein the processor comprises means for 
updating a user-specific access list on a remote access server, and 
for reading from said list to determine allowed links for the proxy 
server . 



8 An apparatus as claimed in any preceding claim, wherein. . . 
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... display device for a personal computer. 

The RDRAM frame buffer provides a performance improvement by 

permitting faster access to display list instructions and pixel 
data, compared to accessing data stored in the main memory 104 of 
the host computer system 100... 
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Detailed Description 

... device for a personal computer. 

The RDRAM frame buffer 315 provides a performance improvement 
by permitting faster access to display list instructions and pixel 
data, compared to accessing data stored in the main memory 304 of 
the host computer system 300... 
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Detailed Description 

. . . a provider request from the authentication host, the BASIC provider 
searches a predefined username/password access list to determine if 
access should be provided. If the BASIC provider finds a 
username/password match , the BASIC provider sends a message to the 
authentication host indicating that access should be allowed based on 
the supplied username and password pair. However, if the BASIC provider 
does not find a match, the BASIC provider sends a message to the 
authentication host indicating that access should not be allowed 
based on the usemame/password pair. 

Another example of a type of provider that may. . . 
...finds an IP address match, the IP address provider sends a message to 
the authentication host indicating that access should be allowed 
based on the supplied IP address. 

However, if the IP address provider does not find. . . 
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English Abstract 

...server (150) on the network. According to one embodiment, the client 
system ( 110 )■ receives an access list from the log server (150) and 
compares the access request to the access list . In this embodiment, 
access to the host system (120) is allowed only if the request does 
not conflict with the access list. According to another embodiment... 



Detailed Description 
the network. 



According to one embodiment of the present invention, the client 
system receives an access list from the log server and compares the 
access request to the access list . In this embodiment, access to the 
host system is allowed only if the request does not conflict with the 
access list. According to another embodiment... 
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one or more Secure Event Processing Environments ('SPEs...of component 
assemblies 690 using a debugger; using a 

map of defects on a s.torage device (e.g., a hard disk, memory 
card, etcJ to form internal test values to impede... 

.example) such that detailed and/or complete 

instruction sequences are not stored explicitly on storage devices 
and/or in active memory but rather are generated as needed; 
using code that "shuf f les . . . it may provide appropriate drivers 
and hardware manacTers for interactingWith Linput/output and/or 
peripheral devices such as keyboard -612, display 614, other 

devices such as a "mouse' pomiting device and speech recognizer 
613, modem 618, printer 622, and an adapter for network 672. 

Kernel... by a requesting process. This prevents unauthorized use of 
information. As a third protection, a device assigned tag (e.g., a 
sequence number 1 stored under an encr-yption laver of . . .may interact 
with drivers and other hardware 

managers that provide communications and interactivity with 
physical devices . 

- 288 

RFC Manager 7 32 

ROS 602 in a preferred embodiment is designed around a 
"services . . . 
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Detailed Description 

authorized to receive remote procedure 
calls through the firewall. This check is performed using 
an access control list (ACL) manager. In step 110, the 
result of the authorization check is determined . If the 
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application server 28 was not authorized, then 
authorization is denied in step 120 and the procedure 
terminates in step 122. If the application server 28... 
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